3DS/Nintendo, HTTPS, and a new POODLE exploit...usable?

Discussion in '3DS - Flashcards & Custom Firmwares' started by planetarian, Dec 12, 2014.

  1. planetarian
    OP

    planetarian GBAtemp Regular

    Edit: the 3DS service URLs are not vulnerable to this attack; nothing to see here.


    OP:
    So, this was discovered a few days ago:

    http://arstechnica.com/security/201...sses-tls-crypto-bites-10-percent-of-websites/

    I did a quick check and Nintendo.com is apparently vulnerable to this:
    https://www.ssllabs.com/ssltest/analyze.html?d=nintendo.com
    ... which likely means that other Nintendo related domains (including those used by the 3DS for updates/etc) are vulnerable as well.

    So, I'm not 100% familiar with SSL mechanisms and HTTPS encryption in general, but it does seem as though Ninty encrypting all of their communications has been one of the numerous roadblocks this community has had to deal with. Given my lack of familiarity on the subject, I hope to pose the question to the more knowledgeable members of the community before this vulnerability is plugged: Do you think this is exploitable for us in any way?
     
    Margen67 likes this.
  2. yuyuyup

    yuyuyup GBAtemp Psycho!

    POODLE exploit confirmed
    [image]
     
    filfat, Sirius64, Margen67 and 5 others like this.
  3. AmeenX

    AmeenX GBAtemp Regular

    hahaha.... it's not funny anymore
     
  4. Pippin666

    Pippin666 SSF43DE Master

    The browser of the 3DS is sandboxed, right?

    Pip'
     
  5. Celice

    Celice GBAtemp Advanced Maniac

    So was the WiiU, but that didn't stop arbitrary memory changes in games, as far as Mr. Bean et al. suggest, arbitrary file loading, from resource swapping to full-on back-up loading.

    If this is a real exploit, the scene members will look into it, and we'll know something in the coming weeks.
     
    Margen67 likes this.
  6. PhoenixWrightX

    PhoenixWrightX GBAtemp Regular

    Yeah, because the Nintendo WEBSITE holds the keys to exploiting the 3DS................
     
  7. Oishikatta

    Oishikatta GBAtemp Advanced Fan

    The poodle exploit allows for decryption, not forgery.

    There is no use with regards to the 3DS.
     
  8. einstein95

    einstein95 GBAtemp Regular

  9. planetarian
    OP

    planetarian GBAtemp Regular

    PhoenixWrightX : Please read more carefully, I wasn't saying that. I was wondering if the actual services used by the 3DS were vulnerable to the same exploit. Obviously Nintendo.com is meaningless to our efforts, but if one domain under a given company is vulnerable, others often are as well. That ended up not being the case here, but it was worth checking out.

    Oishikatta : I expected as much; I was wondering if the ability to analyze communication directly might be of some utility.

    einstein95 : Alrighty, that puts this subject to rest quite clearly. I find it rather unusual that they seemingly have different HTTPS configurations between their services, but props to them for keeping the actually important stuff more secure (though I admit I am somewhat baffled that they don't have a trusted SSL certificate...)
     
  10. Friendsxix

    Friendsxix Introspective Potato

    Reran the test. It seems that Nintendo.com has SSLv3 disabled now, so no more vuln.
     
  11. planetarian
    OP

    planetarian GBAtemp Regular

    Friendsxix : this is actually a newly-discovered vulnerability regarding TLS, rather than SSLv3. TLS is supposed to have restrictions on whitespace (which is what the POODLE attack utilizes), but there are some servers that do not enforce these checks. Nintendo.com is still vulnerable, but the URLs used by 3DS services are not.
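
Added example, not part of any post in this thread: the restriction on TLS records that post 11 refers to is the CBC padding rule. TLS requires every padding byte to equal the padding length, whereas SSLv3 constrains only the final length byte, so a TLS stack that skips the per-byte check accepts the same malformed records SSLv3 does. Function names and the sample record are constructed for illustration.

```python
BLOCK = 16  # AES block size in bytes


def sslv3_padding_ok(plaintext):
    """SSLv3 rule: only the final length byte is constrained.

    The padding bytes before it may hold any value, so they are not checked.
    """
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    return pad_len < BLOCK and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext):
    """TLS rule: every padding byte must equal the padding length byte."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    # Accumulate differences instead of returning on the first mismatch.
    diff = 0
    for b in plaintext[-(pad_len + 1):]:
        diff |= b ^ pad_len
    return diff == 0


def lenient_tls_padding_ok(plaintext):
    """A TLS implementation that omits the per-byte check (the server-side
    defect SSL Labs reports as "POODLE (TLS)") reduces to the SSLv3 rule."""
    return sslv3_padding_ok(plaintext)


def make_record(body, filler=None):
    """Pad body to a block multiple. filler=None yields valid TLS padding;
    any other value fills the padding bytes with that constant instead."""
    pad_len = BLOCK - 1 - (len(body) % BLOCK)
    fill = pad_len if filler is None else filler
    return body + bytes([fill]) * pad_len + bytes([pad_len])


if __name__ == "__main__":
    body = b"GET / HTTP/1.1\r\n\r\n"          # constructed sample plaintext
    for name, rec in (("valid", make_record(body)),
                      ("arbitrary filler", make_record(body, filler=0x41))):
        print(name, "| sslv3:", sslv3_padding_ok(rec),
              "| tls:", tls_padding_ok(rec),
              "| lenient tls:", lenient_tls_padding_ok(rec))
```
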
     
  12. Friendsxix

    Friendsxix Introspective Potato

    Check the page again: https://www.ssllabs.com/ssltest/analyze.html?d=nintendo.com
    It says it is not vulnerable. >.>
    Edit: Though it does say "Timeout" for "POODLE (TLS)," I swear earlier it said "POODLE (SSLv3)" was vulnerable. (When your thread was first made.)

    EDIT#3: Retracting Edit#2 until I check it again. -.-

    EDIT#4: Okay, clicked the wrong link in my history before, so edit 2 was wrong. However, just for fun, https://www.ssllabs.com/ssltest/analyze.html?d=npdl.cdn.nintendowifi.net is vulnerable. ("POODLE (SSLv3)")
     
  13. planetarian
    OP

    planetarian GBAtemp Regular

    Dunno. It's said this regarding nintendo.com (which, of course, is useless) for me the whole time:
    [image]

    And... once again I remain baffled at how inconsistent their HTTPS configuration is. lol
     
    Friendsxix likes this.